Vulnerabilities > Mediawiki > High

DATE CVE VULNERABILITY TITLE RISK
2024-10-05 CVE-2024-47846 Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki Cargo 3.6.0
Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.
network
low complexity
mediawiki CWE-352
8.8
8.8
2023-10-09 CVE-2023-45371 Allocation of Resources Without Limits or Throttling vulnerability in Mediawiki
An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
network
low complexity
mediawiki CWE-770
7.5
7.5
2023-10-09 CVE-2023-45363 Infinite Loop vulnerability in multiple products
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1.
network
low complexity
mediawiki debian CWE-835
7.5
7.5
2023-09-25 CVE-2023-3550 Cross-site Scripting vulnerability in multiple products
Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator.
network
low complexity
mediawiki debian CWE-79
7.3
7.3
2022-09-19 CVE-2022-28203 Release of Invalid Pointer or Reference vulnerability in multiple products
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2.
network
low complexity
mediawiki debian CWE-763
7.5
7.5
2022-04-29 CVE-2022-29904 SQL Injection vulnerability in Mediawiki
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints.
network
low complexity
mediawiki CWE-89
7.5
7.5
2021-12-20 CVE-2021-44858 Incorrect Default Permissions vulnerability in Mediawiki
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.
network
low complexity
mediawiki CWE-276
7.5
7.5
2021-10-11 CVE-2021-41799 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time).
network
low complexity
mediawiki fedoraproject CWE-770
7.5
7.5
2021-10-11 CVE-2021-41801 Unspecified vulnerability in Mediawiki
The ReplaceText extension through 1.41 for MediaWiki has Incorrect Access Control.
network
low complexity
mediawiki
8.8
8.8
2021-07-02 CVE-2021-35197 Incorrect Authorization vulnerability in multiple products
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access.
network
low complexity
mediawiki debian fedoraproject CWE-863
7.5
7.5